Method for checking user access

US 6,983,377 B1
Filed: 11/24/1999
Issued: 01/03/2006
Est. Priority Date: 03/08/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for checking the access of a user operating a first computer system controlled by a first security system to software and/or data on a second computer system controlled by a second security system comprising the following steps:

a) transmitting a user-id from said first computer system to said second computer system and a challenge from said second computer system to said first computer system,b) transmitting said user-id and said challenge from said first computer system to said first security system,c) transmitting said user-id from said second computer system to a trusted agent and from said trusted agent to said second security system,d) transmitting a shared secret, which is registered in said first security system and in said second security system, from said second security system to said trusted agent and from said trusted agent to said second computer system,e) calculating in said first security system a first response using said shared secret,f) calculating in an access control unit of said second computer system, which access control unit is able to apply the rules of the first security system to calculate a response to a challenge, a second response to said challenge using said shared secret,g) transmitting said first response from said first security system to said first computer system, andh) transmitting said first response from said first computer system to said second computer system and comparing said first response and said second response in the second computer system in order to complete the access check of said user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted agent for enabling the check of the access of a user operating a first computer system controlled by a first security system to software and/or data on a second computer system controlled by a second security system. The trusted agent includes several functions, including: (a) reception of a user-id for the second computer system and transmission of the user-id to the second security system; (b) retrieval of a shared secret, which is registered in the fist security system and in the second security system, from the second security system; and (3) transmission of the shared secret from the trusted agent to the second computer system.

Citations

13 Claims

1. A method for checking the access of a user operating a first computer system controlled by a first security system to software and/or data on a second computer system controlled by a second security system comprising the following steps:
- a) transmitting a user-id from said first computer system to said second computer system and a challenge from said second computer system to said first computer system,b) transmitting said user-id and said challenge from said first computer system to said first security system,c) transmitting said user-id from said second computer system to a trusted agent and from said trusted agent to said second security system,d) transmitting a shared secret, which is registered in said first security system and in said second security system, from said second security system to said trusted agent and from said trusted agent to said second computer system,e) calculating in said first security system a first response using said shared secret,f) calculating in an access control unit of said second computer system, which access control unit is able to apply the rules of the first security system to calculate a response to a challenge, a second response to said challenge using said shared secret,g) transmitting said first response from said first security system to said first computer system, andh) transmitting said first response from said first computer system to said second computer system and comparing said first response and said second response in the second computer system in order to complete the access check of said user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method according to claim 1, characterized in that the shared secret is individual to said user.
  - 3. A method according to claim 2, characterized in that the shared secret is a hashed value of a password of said user.
  - 4. A method according to claim 1, characterized in that the second computer system comprises a system which issues said challenge and calculates said second response according to the rules of the first security system.
  - 5. A method according to claim 1, characterized in that the shared secret is established by the following steps:
    - calculating a shared secret of a password of said user by subjecting said password to a secret function,registering said shared secret in said first security system controlling said first computer system,calculating an encrypted shared secret of said shared secret by subjecting said shared secret to an encryption function,transmitting said encrypted shared secret to said trusted agent and further to said second security system,retrieving said shared secret in said second security system by decrypting said encrypted shared secret, andregistering said shared secret in said second security system controlling said second computer system.
  - 6. A method according to claim 1, characterized in that the second computer system comprises a server.
  - 7. A method according to claim 1, characterized in that the first computer system comprises a client.
  - 8. A method according to claim 1, characterized in that the first and the second computer system are linked by a WAN or a LAN.
  - 9. A method according to claim 1, characterized in that the first computer system is operated under Windows NT and the second computer system is operated under OS/390.
  - 10. A method according to claim 1, characterized in that the communication between the first and the second computer system is done via secure channels.
  - 11. A method according to claim 1, characterized in that the authentication of said user is effected in the first computer system and the authorisation of said user is effected in the second computer system.
  - 12. A series of executable program steps stored on at least one computer readable memory, the program steps when executed by a computer system causing the computer system to perform a method for checking the access as recited in claim 1.
  - 13. A computer readable medium with a computer program for carrying out the method according to claim 1 on a computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Software AG
Original Assignee
Software AG
Inventors
Vogler, Thomas, Kessler, Dieter, Gaertner, Dietmar, Beesley, Neil, Holme, James, Kennedy, Terence
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Arani, Taghi T.

Application Number

US09/448,991
Time in Patent Office

2,232 Days
Field of Search

713/201, 713/155, 713/159, 713/162, 713/164, 713/187, 709/229
US Class Current

726/12
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6236   between heterogeneous systems

H04L 63/0435   wherein the sending and rec...

H04L 63/10   for controlling access to d...

Method for checking user access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for checking user access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links